
Jailbreaking is the process of removing limitations on iOS, Apple's
operating system, on devices running it through the use of software
and hardware exploits; such devices include the iPhone, iPod touch,
iPad, and second-generation Apple TV. Jailbreaking permits root
access to the iOS file system and manager, allowing the download of
additional applications, extensions, and themes that are unavailable
through the official Apple App Store.
Jailbreaking is a form of privilege escalation,[1][2] and the term has
been used to describe privilege escalation on devices by other
manufacturers as well.[3][4] The name refers to breaking the device out
of its "jail",[5] which is a technical term used in Unix-style systems, for
example in the term "FreeBSD jail". A jailbroken iPhone, iPod touch,
or iPad running iOS can still use the App Store, iTunes, and other
normal functions, such as making telephone calls.
Restoring a device with iTunes removes the jailbreak.[6][7][8]
Contents
1 Reasons for jailbreaking
1.1 Device customization
1.2 Use of handset on multiple carriers
1.3 Early exploit fixes
2 Security, privacy, and stability
3 Comparison to Android rooting
4 Difficulty
5 Legal status
5.1 Australia
5.2 Canada
5.3 India
5.4 Singapore
5.5 United Kingdom
5.6 United States
5.7 New Zealand
6 Types of jailbreaks
7 History of iOS jailbreaking tools
7.1 First jailbreaks by device and iOS version
7.2 Recent releases of jailbreaking tools
8 See also
9 Notes
10 References
11 External links

Reasons for jailbreaking

One of the reasons for jailbreaking is to expand the feature set limited
by Apple and its App Store.[9] Apple checks apps for
compliance with its iOS Developer Program License Agreement
before accepting them for distribution in the App Store.[10] However,
its reasons for banning apps are not limited to safety and security
and may be construed as arbitrary and capricious.[11] To access the
list of banned apps,[12] users rely on jailbreaking to circumvent Apple's
censorship of content and features. Jailbreaking permits the
downloading of programs not approved by Apple,[13] such as
customization apps used to change the user interface.

Device customization
Since software programs available through Cydia are not required to
adhere to App Store guidelines, many of them are not typical self-contained apps but instead are extensions and customizations for
iOS and other apps.[14] Users install these programs for purposes
including personalization and customization of the interface,[14] adding
desired features and fixing annoyances,[15] and making development
work on the device easier by providing access to the filesystem and
command-line tools.[16][17]
Many Chinese iOS device owners also jailbreak their phones to install
third-party Chinese character input systems because they are easier
to use than Apple's.[18]

Use of handset on multiple carriers

Jailbreaking also opens the possibility for using software to
unofficially unlock carrier-locked iPhones so they can be used with
other carriers.[19] Software-based unlocks have been available since
September 2007,[20] with each tool applying to a specific iPhone model
and baseband version (or multiple models and versions).[21]

Early exploit fixes

On July 15, 2011, Apple released a new version of iOS that closed
the exploit used in JailbreakMe 3.0. The German Federal Office for
Information Security had reported that the "critical weakness"
uncovered by JailbreakMe meant that iOS users could potentially
have their information stolen or unwillingly download malware by
clicking on maliciously crafted PDF files.[22] Before Apple released a
fix for this security hole, jailbreak users had access to a fix published
by the developer of JailbreakMe.

Security, privacy, and stability

The first iPhone worm, iKee, appeared in early November 2009,
created by a 21-year-old Australian student in the town of
Wollongong. He told Australian media that he created the worm to
raise awareness of security issues: jailbreaking allows users to install
an SSH service, which those users can leave in the default unsecure
state.[23] In the same month, F-Secure reported on a new malicious
worm compromising bank transactions from jailbroken phones in the
Netherlands, similarly affecting devices where the owner had installed
SSH without changing the default password.[24][25]
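The two incidents above share one root cause: an SSH service installed on a jailbroken device and left with its default password, so that a worm can log in as root over the network. As an added example (not from this article, not from any jailbreak tool or worm), the script below shows the defender's side of that problem in two parts: it scans OpenSSH authentication log lines for successful root logins that used a password rather than a key, and it audits an sshd_config fragment for the two directives that matter here, `PermitRootLogin` and `PasswordAuthentication` (both real OpenSSH directives). The log lines, the host name "iPhone", the IP addresses and both config fragments are constructed sample data for the example; the weak fragment sits beside the corrected one.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of OpenSSH auth-log lines, not captured from a real device.
SAMPLE_AUTH_LOG = """\
Nov  8 02:14:03 iPhone sshd[211]: Accepted password for root from 10.0.0.5 port 51022 ssh2
Nov  8 02:14:09 iPhone sshd[214]: Accepted password for root from 10.0.0.5 port 51030 ssh2
Nov  8 02:15:40 iPhone sshd[220]: Accepted password for mobile from 192.168.1.20 port 40011 ssh2
Nov  8 02:16:02 iPhone sshd[225]: Accepted publickey for root from 192.168.1.20 port 40012 ssh2
Nov  8 02:17:55 iPhone sshd[230]: Failed password for root from 10.0.0.9 port 51100 ssh2
"""

# Constructed sshd_config fragments: the weak settings beside the corrected ones.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_SSHD_CONFIG = """\
Port 22
# Key-based logins only; root can never authenticate with a password.
PermitRootLogin prohibit-password
PasswordAuthentication no
"""

# Matches the "Accepted <method> for <user> from <ip> port <n>" form sshd logs.
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


@dataclass(frozen=True)
class RiskyLogin:
    user: str
    ip: str
    method: str


def find_risky_logins(log_text: str) -> list[RiskyLogin]:
    """Return successful root logins that authenticated with a password.

    A password login as root is exactly the trace a default-credential worm
    leaves behind; key-based logins and non-root users are not reported, and
    failed attempts are left to a separate brute-force detector.
    """
    hits: list[RiskyLogin] = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if m is None:
            continue
        if m["user"] == "root" and m["method"] == "password":
            hits.append(RiskyLogin(m["user"], m["ip"], m["method"]))
    return hits


def audit_sshd_config(config_text: str) -> list[str]:
    """Return findings for the directives that expose a default root password.

    Directives are case-insensitive and may be separated from their value by
    whitespace or '='. A directive that is absent is treated as the permissive
    historical default ("yes"), which is the conservative choice for an audit.
    """
    settings: dict[str, str] = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip().lower()

    findings: list[str] = []
    if settings.get("permitrootlogin", "yes") == "yes":
        findings.append("PermitRootLogin allows root to log in with a password")
    if settings.get("passwordauthentication", "yes") == "yes":
        findings.append("PasswordAuthentication is enabled; keys are not required")
    return findings


if __name__ == "__main__":
    for hit in find_risky_logins(SAMPLE_AUTH_LOG):
        print(f"root password login from {hit.ip}")
    print("weak config findings:", audit_sshd_config(WEAK_SSHD_CONFIG))
    print("hardened config findings:", audit_sshd_config(HARDENED_SSHD_CONFIG))
```

On the sample data the log scan reports the two password logins as root from 10.0.0.5 and ignores the key-based root login and the login by the unprivileged user; the weak fragment yields two findings and the hardened one none. Changing the default password closes the specific hole described above, but the hardened fragment goes one step further and removes password authentication for root entirely, so the quality of the password no longer matters.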
A Forbes staff writer analyzed a UCSB study of 1,407 free programs
available from a third-party source and from Apple. Of the 1,407 free apps
investigated in the cited study, 825 were downloaded from Apple's
App Store using the website App Tracker, and 526 from BigBoss
(Cydia's default repository). 21% of official apps tested leaked device
ID and 4% leaked location. Unofficial apps leaked 4% and 0.2%
respectively. 0.2% of apps from Cydia leaked photos and browsing
history, while the Apple store leaked none. He commented that
unauthorized apps tend to respect privacy better than official ones.[26]
Also, there is a program called PrivaCy that allows users to control the
upload of usage statistics to remote servers.[26]
Installing software published outside the App Store has the potential
to affect battery life and system stability if the software is poorly
optimized or frequently uses resource-draining services (such as 3G
or Wi-Fi).[27][28][29]

Comparison to Android rooting

Jailbreaking of iOS devices is sometimes compared to "rooting" of
Android devices. Although the two concepts both involve privilege
escalation, they differ substantially in scope. Android devices, with
few exceptions, do not natively implement strong technical security
measures to prevent users from modifying or replacing the operating
system; enabling installation of apps that have not been reviewed or
authorized by a central authority such as Google (known as
"sideloading") is a simple user preference.[30]
In marked contrast, iOS is engineered with strong security measures
(including a "locked bootloader") intended to prevent users from
modifying the operating system or installing apps that are not
authorized by Apple, and to prevent user-installed apps from gaining
root privileges; jailbreaking an iOS device to defeat all of these
security measures presents a significant technical challenge.


Jailbreaking also violates Apple's end-user license agreement for
iOS.[31]

Difficulty
Apple has released various updates to iOS that patch exploits used
by jailbreak utilities; this includes a patch released in iOS 6.1.3 to
software exploits used by the original evasi0n jailbreak for iOS 6 to 6.1.2,
and again in iOS 7.1 patching the evasi0n7 jailbreak for iOS 7 to
7.0.6/7.1 beta 3. Bootrom exploits (exploits found in the hardware of
the device) cannot be patched by Apple through system updates, but could
be fixed in hardware revisions such as new chips or new hardware in
its entirety.

Legal status
Jailbreaking a device involves circumventing its technological
protection measures (in order to allow root access and running
alternative software), so its legal status is affected by laws regarding
circumvention of digital locks, such as laws protecting digital rights
management (DRM) mechanisms. Many countries do not have such
laws, and some countries have laws including exceptions for
jailbreaking.
International treaties have influenced the development of laws
affecting jailbreaking. The 1996 World Intellectual Property
Organization (WIPO) Copyright Treaty requires nations party to the
treaties to enact laws against DRM circumvention. The American
implementation is the Digital Millennium Copyright Act (DMCA), which
includes a process for establishing exemptions for non-copyright-infringing purposes such as jailbreaking. The 2001 European
Copyright Directive implemented the treaty in Europe, requiring
member states of the European Union to implement legal protections
for technological protection measures. The Copyright Directive
includes exceptions to allow breaking those measures for non-copyright-infringing purposes, such as jailbreaking to run alternative
software,[32] but member states vary on the implementation of the
directive.

Australia
In 2010, Electronic Frontiers Australia said that it is unclear whether
jailbreaking is legal in Australia, and that anti-circumvention laws may
apply.[33] These laws were strengthened by the Copyright Amendment
Act 2006.

Canada
In November 2012, Canada amended its Copyright Act with new
provisions prohibiting tampering with digital locks, with exceptions
including software interoperability.[34] Jailbreaking a device to run
alternative software is a form of circumventing digital locks for the
purpose of software interoperability.
There had been several efforts from 2008-2011 to amend the
Copyright Act (Bill C-60, Bill C-61, and Bill C-32) to prohibit tampering
with digital locks, along with initial proposals for C-11 that were more
restrictive,[35] but those bills were set aside. In 2011, Michael Geist, a
Canadian copyright scholar, cited iPhone jailbreaking as a non-copyright-related activity that overly broad Copyright Act
amendments could prohibit.[36]

India
India's copyright law permits circumventing DRM for non-copyright-infringing purposes.[37][38] Parliament introduced a bill including this
DRM provision in 2010 and passed it in 2012 as Copyright
(Amendment) Bill 2012.[39] India is not a signatory to the WIPO
Copyright Treaty that requires laws against DRM circumvention, but
being listed on the US Special 301 Report "Priority Watch List"
applied pressure to develop stricter copyright laws in line with the
WIPO treaty.[37][38]

Singapore
Jailbreaking might be legal in Singapore if done to provide
interoperability and not circumvent copyright, but that has not been
tested in court.[40]

United Kingdom
The Copyright and Related Rights Regulations 2003 make
circumventing DRM protection measures legal for the purpose of
interoperability but not copyright infringement. Jailbreaking may be a
form of circumvention covered by that law, but this has not been
tested in court.[32][41] Competition laws may also be relevant.[42]

United States
Apple's goal has always been to ensure that our customers
have a great experience with their iPhone and we know that
jailbreaking can severely degrade the experience. As we've said
before, the vast majority of customers do not jailbreak their
iPhones as this can violate the warranty and can cause the
iPhone to become unstable and not work reliably.

Apple spokesperson, full official statement, 2010[43]

The Digital Millennium Copyright Act says "[n]o person shall
circumvent a technological measure that effectively controls access
to a work protected under" the Digital Millennium Copyright Act,
which may apply to jailbreaking;[44] there is an exemption from this law
only for jailbreaking mobile phones "at least through 2015."[45] Note
that the exemption is for jailbreaking only, not unlocking (recent
phones), and that Apple has announced that jailbreaking "can violate
the warranty".[43] However, in the United States, Apple cannot void an
iPhone's warranty unless it can show that a problem or component
failure is linked to the installation or placement of after-market items
such as unauthorized applications, because of the Federal Trade
Commission's Magnuson-Moss Warranty Act of 1975.[46][47][48]
In 2010, in response to a request by the Electronic Frontier
Foundation, the U.S. Copyright Office explicitly recognized an
exemption to the DMCA to permit jailbreaking in order to allow iPhone
owners to use their phones with applications that are not available
from Apple's store, and to unlock their iPhones for use with
unapproved carriers.[49][50] Apple had previously filed comments
opposing this exemption and indicated that it had considered
jailbreaking to be a violation of copyright (and by implication
prosecutable under the DMCA). Apple's request to define copyright
law to include jailbreaking as a violation was denied as part of the
2009 DMCA rulemaking. In their ruling, the Library of Congress
affirmed on July 26, 2010 that jailbreaking is exempt from DMCA
rules with respect to circumventing digital locks. DMCA exemptions
must be reviewed and renewed every three years or else they expire.
On October 28, 2012, the US Copyright Office updated its
exemption policies. The jailbreaking of Apple products continues to
be illegal "where circumvention [...] [lawfully obtained software]
applications with computer programs on the telephone handset."
However, the U.S. Copyright office refused to extend this exemption
to tablets, such as iPads, arguing that the term "tablets" is broad and
ill-defined, and an exemption to this class of devices could have
unintended side effects.[51][52][53] The Copyright Office also renewed the
2010 exemption for unofficially unlocking phones to use them on
unapproved carriers, but restricted this exemption to phones
purchased before January 26, 2013.[52]
Tim Wu, a professor at Columbia Law School, argued in 2007 that
jailbreaking "Apple's superphone is legal, ethical, and just plain
fun."[54] Wu cited an explicit exemption issued by the Library of
Congress in 2006 for personal unlocking, which notes that locks "are
used by wireless carriers to limit the ability of subscribers to switch to
other carriers, a business decision that has nothing whatsoever to do
with the interests protected by copyright" and thus do not implicate
the DMCA.[55] Wu did not claim that this exemption applies to those
who help others unlock a device or "traffic" in software to do so.[54] In
2010 and 2012, the U.S. Copyright Office approved exemptions to
the DMCA that allow iPhone users to jailbreak their devices legally.[56]
It is still possible Apple may employ technical countermeasures to
prevent jailbreaking or prevent jailbroken phones from functioning,
but it will not be able to sue users who jailbreak.[57] It is also unclear
whether it is legal to traffic in the tools used to make jailbreaking
easy.[57]

New Zealand
New Zealand's copyright law allows the use of technological
protection measure (TPM) circumvention methods as long as the use
is for legal, non-copyright-infringing purposes.[58][59] This law was
added to the Copyright Act 1994 as part of the Copyright (New
Technologies) Amendment Act 2008.

Types of jailbreaks
When a device is booting, it loads Apple's own kernel initially. The
device must then be exploited and have the kernel patched each time
it is turned on.
An "untethered" jailbreak has the property that if the user turns the
device off and back on, the device will start up completely, and the
kernel will be patched without the help of a computer, so the user
can boot without connecting to one.[60] These
jailbreaks are harder to make and take a lot of reverse engineering
and years of experience.
With a "tethered" jailbreak, a computer is needed to turn the device
on each time it is rebooted. If the device starts back up on its own, it
will no longer have a patched kernel, and it may get stuck in a
partially started state. By using a computer, the phone is essentially
"re-jailbroken" (using the "boot tethered" feature of a jailbreaking tool)
each time it is turned on.[61] With a tethered jailbreak, you can still
restart SpringBoard ("respring") on the device without needing to
reboot.
There is also a "semi-tethered" solution, which means that when the
device boots, it will no longer have a patched kernel (so it will not be
able to run modified code), but it will still be usable for normal
functions such as making phone calls, or texting.[62] To use any
features that require running modified code, the user must start the
device with the help of the jailbreaking tool in order for it to start with
a patched kernel (jailbroken).

History of iOS jailbreaking tools

A few days after the original iPhone became available in July 2007,
developers released the first jailbreaking tool for it,[63] and soon a
jailbreak-only game app became available.[64] In October 2007,
JailbreakMe 1.0 (also called "AppSnapp") allowed people to jailbreak
iPhone OS 1.1.1 on both the iPhone and iPod touch,[65][66] and it
included Installer.app as a way to get software for the jailbroken
device. In February 2008, Zibri released ZiPhone, a tool for
jailbreaking iPhone OS 1.1.3 and iPhone OS 1.1.4.[67]
The iPhone Dev Team (not affiliated with Apple) has released a
series of free desktop-based jailbreaking tools. It released a version
of PwnageTool in July 2008 to jailbreak the then new iPhone 3G on
iPhone OS 2.0 as well as the iPod touch,[68][69] newly including Cydia
as the primary third-party installer for jailbroken software[70]
(PwnageTool continues to be updated for untethered jailbreaks of
newer iOS versions).[71][72] The iPhone Dev Team released QuickPWN
to jailbreak iOS 2.2 on iPhone and iPod touch, also including options
to enable functionality that was possible but disabled by Apple on
certain devices.[73] After Apple released iOS 3.0, the Dev Team
published redsn0w as a simple jailbreaking tool usable on Mac and
Windows, and also updated PwnageTool (now primarily intended for
expert users making custom firmware, and only for Mac).[74] It
continues to maintain redsn0w for jailbreaking most versions of iOS 4
and iOS 5 on most devices.[75] Before redsn0w released their iOS 5
jailbreak, another team by the name of BlueFire created an iOS 5
jailbreak for Apple's A4 and A5 devices. As of December 2011,
redsn0w includes the "Corona" untether by pod2g for iOS 5.0.1 for
iPhone 3GS, iPhone 4, iPad 1, and iPod touch 3rd and 4th
generation.[72] As of June 2012, redsn0w also includes the "Rocky
Racoon" untether by pod2g for iOS 5.1.1 on all iPhone, iPad, and
iPod touch models that support iOS 5.1.1.[76]

George Hotz, who developed the first iPhone unlock, released a
jailbreaking tool for the iPhone 3GS on iPhone OS 3.0 called
purplera1n,[77] and blackra1n for iPhone OS version 3.1.2 on the 3rd
generation iPod touch and other devices.[78] In October 2010, he
released limera1n, a low-level boot ROM exploit that permanently
works to jailbreak the iPhone 4 and is used as part of tools including
redsn0w.[79]
Nicholas Allegra (better known as "comex") released a program
called Spirit in May 2010. Spirit jailbreaks devices including the iPad
(which had just been released) and then-new iPhones running iPhone OS
3.1.2 and 3.1.3, and the iPad running 3.2.[80] In August 2010, comex released
JailbreakMe 2.0, a web-based tool that was the first to jailbreak the
iPhone 4 (on iOS 4.0.1).[81][82] In July 2011, he released JailbreakMe
3.0,[83] a web-based tool for jailbreaking all devices on certain versions
of iOS 4.3, including the iPad 2 for the first time (on iOS 4.3.3).[84]
JailbreakMe 3.0 uses a flaw in PDF file rendering in mobile Safari.[85][86]
Chronic Dev Team initially released greenpois0n in October 2010, a
desktop-based tool for jailbreaking iOS 4.1[87] and later iOS 4.2.1[88] on
most devices including the Apple TV,[89] as well as iOS 4.2.6 on
CDMA (Verizon) iPhones.[90]
The iPhone Dev Team, Chronic Dev Team, and pod2g collaborated
to release Absinthe in January 2012, a desktop-based tool to
jailbreak the iPhone 4S for the first time and the iPad 2 for the second
time, on iOS 5.0.1 for both devices and also iOS 5.0 for iPhone
4S.[60][61][91][92] In May 2012 it released Absinthe 2.0, which can jailbreak
iOS 5.1.1 untethered on all iPhone, iPad, and iPod touch models that
support iOS 5.1.1, including jailbreaking the third-generation iPad for
the first time.[93] The hackers together called the evad3rs released an
iOS 6.X jailbreak tool called evasi0n. The expected release was on
Sunday, February 3, 2013, though it was actually released on
Monday, February 4, 2013 at noon Eastern Standard Time. The site
initially gave anticipating users download errors as there was a high
volume of interest in the download for the jailbreak utility, which is
available for Linux, OS X, and Windows. When Apple upgraded its
software to iOS 6.1.3 it permanently patched out the evasi0n
jailbreak. Apple has now upgraded its software to iOS 6.1.4,[94] which
is only available for the iPhone 5. In April 2013, the latest version of
Sn0wbreeze was released, which added support for tethered
jailbreaking on A4 devices (i.e. devices not newer than the iPhone 4,
iPad 1, or iPod touch 4).[95][96][97]

On December 22, 2013, the evad3rs released a new version of
evasi0n that supports jailbreaking iOS 7.0.x, known as evasi0n7.
After the release of evasi0n7, winocm, ih8sn0w and SquiffyPwn
released p0sixpwn on December 30, 2013 for untethering devices
on iOS 6.1.3 - 6.1.5. Initially, it was necessary to jailbreak tethered
using redsn0w and install p0sixpwn from Cydia. A few days later, on
January 4, 2014, the same team released a version of p0sixpwn for
jailbreaking using a computer.
iOS 7.1 patched the exploits used by evasi0n7, and on June 23,
2014, Pangu, a Chinese untethered jailbreak, was released for iOS
7.1.
On October 22, 2014, Pangu Team released Pangu8 to jailbreak all
devices running iOS 8-8.1. The first versions did not bundle Cydia,
nor was there an iOS 8 compatible version of Cydia at the time.
On November 29, 2014, the TaiG team released its jailbreak tool,
available for devices running iOS 8.0-8.1.1. On
December 10, 2014, the tool was updated to include support for iOS
8.1.2.[98]
